WHAT DOES THE EU-UK TRADE DEAL MEAN FOR TRANSFERS OF PERSONAL DATA?

Derby Office Icon

 

The Trade and Co-operation Agreement agreed between the EU and UK on Christmas Eve (the ‘Agreement’) includes an important interim measure designed to ensure that transfers of personal data between the EU and UK can continue to take place.

Without the interim measure, once the Brexit transition period ended on 31st December 2020, the UK would have been treated as a ‘third country’ for data protection purposes. As the EU Commission has not yet made a decision that the UK data protection regime offers adequate protection for personal data (known as an ‘adequacy decision’), this would have meant that transfers of personal data from the EU to the UK would have been prohibited unless an approved transfer mechanism was in place or one of the limited GDPR exceptions applied. For many organisations, this would have resulted in a scramble to put in place EU approved standard contractual clauses.

However, as a result of the Agreement, a ‘grace period’ of between 4 and 6 months has been put in place. During this period, transfers of personal data from the EU to the UK can continue to take place as if the UK was still a member of the EU. The hope is that, before the end of the 6-month cut-off, the EU Commission will have granted an adequacy decision in favour of the UK (the grace period will automatically come to an end if an adequacy decision is made).

Transfers of personal data from the UK to the EU did not need to be catered for in the Agreement since the UK has already taken steps to recognise the adequacy of EU data protection law (at least for the time being).

What is the practical implication of the grace period for organisations?

The grace period means that organisations can, for the next 6 months, continue to receive personal data from the EU or access personal data stored in the EU without needing to take additional steps or identify an applicable exception under the GDPR.

However, organisations need to keep an eye on the horizon. Whilst the signs are looking good, there is no guarantee that the EU Commission will make an adequacy decision in the UK’s favour during the grace period. Consequently, organisations need to think about how they will ensure that personal data transfers can continue to take place in the event of a no-adequacy outcome (particularly if those data transfers are of a business-critical nature).

Other Brexit consequences

EU to UK data transfers aside, the Agreement doesn’t change the position relating to the other data protection consequences which flow from Brexit. So, for example:

  • the UK now has its own data protection regime known as the UK GDPR, which, although based upon the EU GDPR will operate separately;
  • some UK organisations may now need to appoint a representative in the EU; and
  • some UK organisations will now be subject to supervision by more than one supervisory authority.

Some of the changes may mean that you need to update your data protection compliance documents and contracts.

If you’d like more information about what your organisation may need to do to prepare for the end of the data transfer grace period or about the other data protection consequences of Brexit, please get in touch with a member of our Information Law Team.

RELATED:INFORMATION LAW


MORE FROM THE ADVICE CENTRE

News

Geldards’ Dispute Resolution team promote new partner
10/02/2021
Andrea Clayton, a dispute resolution specialist based in the Derby office, was promoted from Senior Associate to Associate Partner in February 2021 in the latest round of promotions at the firm.
more...

Events

Employment Power Hour: Exiting Employees
08/02/2021
25th February - Wales Employment
We had hope that 2021 would see the return of face to face PowerHours. Unfortunately, for the time being at least, that isn’t possible so we going to run our first HR PowerHour of the year as an interactive virtual session and we’ll be looking at the topic of exiting employees.
more...

Blogs

Celebrity divorce – Kim and Kanye
24/02/2021
Kim and Kanye are perhaps one of the biggest celebrity power couples of recent times. It’s not just divorce lawyers who are going to be interested in seeing how their divorce unfolds.
more...

Publications

Salus – Wealth and Family Protection
11/03/2020
Salus Magazine is brought to you by the Private Client team at Geldards to help you protect your wealth and family.
more...

Content Contacts

PARTNER

Lowri Phillips

LOWRI PHILLIPS

Partner, Cardiff

+44 (0)29 2039 1758
email
more...

HEAD OF KNOWLEDGE MANAGEMENT

Hayley Lewis

HAYLEY LEWIS

Head of Knowledge Management, Cardiff

+44 (0)29 2039 1785
email
more...

PROFESSIONAL SUPPORT LAWYER

Helen Snow

HELEN SNOW

Professional Support Lawyer, Cardiff

+44 (0)29 2039 1497
email
more...